With security threats increasing and regulation tightening, companies are demanding greater IT accountability - and that can mean being forced to walk the plank after a breach.
AOL fired a researcher and a manager last week, and CTO Maureen Govern resigned after the Dulles, Va., company posted data on search queries made by 650,000 AOL subscribers. Ohio University dismissed two senior IT people this month following news of five security vulnerabilities that exposed the sensitive records of 137,000 alumni.
Fallout from the Department of Veterans Affairs' security debacle is ongoing. The agency fired the analyst who took home a laptop containing data on 26 million veterans that was stolen when burglars broke into his home. The ensuing examination of the agency's security practices led to the departure of several other VA employees, including CISO Pedro Cadenas, who resigned last month.
Security accountability is long overdue, says John Pescatore, a security analyst at Gartner. When a series of worms hit in 2001 and paralyzed businesses, IT staff threw up their hands and blamed vendors. "Five years ago, nobody was responsible and nobody had authority," Pescatore says.
That doesn't fly today. If a company is spending 5% of its IT budget on security, it expects a payoff. "The business side of the organization has learned to live with accountability and is able to talk about revenues and returns," Pescatore says. "IT is getting dragged there, too."
It's not always a reasonable position, says Khalid Kark, an analyst at Forrester Research. IT managers and security managers aren't the ones setting corporate policies, yet they're responsible for enforcing the policies and ensuring security, he says. Recent breaches have led to a surge in security consciousness in the executive suite, but it will take time to filter through the organization. "Meanwhile, corporate boards need to have a scapegoat, and they've got one."
IT executives say their jobs are now on the line if an IT event compromises security or impedes business performance. They're taking the heightened exposure in stride, however.
Greater accountability is a natural consequence of IT becoming more central to business operations, says Chris Majauckas, computer technology manager for Metrocorp Publications in Boston.